Use of Hard-coded Cryptographic Key Vulnerability in SonicWall GMS and Analytics
CVE-2023-34123

7.5HIGH

Key Information:

Vendor: Sonicwall
Status: Gms; Analytics
Vendor: CVE Published:; 13 July 2023

Summary

This vulnerability in SonicWall's GMS and Analytics products arises from the use of hard-coded cryptographic keys, which can be exploited by attackers to gain unauthorized access to sensitive data. Specifically, the vulnerability affects GMS versions 9.3.2-SP1 and earlier, as well as Analytics versions 2.5.0.4-R7 and prior. Without proper remediation, this issue poses significant risks to the confidentiality and integrity of user data, necessitating prompt attention from system administrators.

Affected Version(s)

Analytics 2.5.0.4-R7 and earlier versions

GMS 9.3.2-SP1 and earlier versions

References

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-202...

vendor-advisory

https://www.sonicwall.com/support/notices/230710150218060

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 13, 2023
Vulnerability Reserved
May 25, 2023